Title: "Methods and Apparatus to Provide a Platform-Level Network Security System" 

Inventors: Garg et al. 
Attorney Docket No. INTEL/17848 



OS 



OS Loader 



EFI 



Platform Firmware 



Hardware 



100 
FIG. 1 



150 
140 
130 
120 
110 



252 



Application(s) 



I 



Protocol Stack 



OS 



Interrupt Handler 



Network Adapter 
Driver 

~5 



EFI 



NSF 



Network Interface 



Incoming Packet(s)- 



256 I 



270 



I - - 250 



254 I 



235 



I r - 230 

V 

I 



210 



-o Outgoing Packet(s) 



200 



FIG. 2 



Title: "Methods and Apparatus to Provide a Platform-Level Network Security System" 

Inventors: Garg et al. 
Attorney Docket No. INTEL/17848 



270 



310 



235 



300 



Application(s) 



330 



NSF 



320 



Internet 



340 



300 
FIG. 3 

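// GUID definition
// NOTE(review): the GUID value is a placeholder in the drawing and is cut off
// at the right-hand edge of the scan, so the closing brace is missing here.
// NOTE(review): this macro carries the same name as the protocol typedef
// declared in the same figure; compiled together, the preprocessor would
// expand the macro inside that typedef. Confirm the intended macro name
// against the patent text.
#define EFI_NETWORK_SECURITY_FIREWALL {DEADBEEF-XXXX-YYY

// Revision number
#define EFI_NETWORK_SECURITY_FIREWALL_REVISION 0x00010000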



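// Protocol interface structure of FIG. 4: a revision field, a group of
// firewall service members, and a configuration record.
// Reconstructed from a scan in which the member types and the member names
// were printed as two separate columns; they are paired here in print order.
// NOTE(review): FIG. 5 on this page shows FwInit/FwDeinit reached through a
// GUID / data-pointer pair in the EFI System Table. Nothing in this listing
// shows how that table entry or these members are protected against
// modification after installation - confirm against the patent text.
typedef struct _EFI_NETWORK_SECURITY_FIREWALL {
  UINT64                                       Revision;

  // Reference numeral 432 is printed beside this group of members.
  EFI_NETWORK_SECURITY_FIREWALL_INIT           FwInit;
  EFI_NETWORK_SECURITY_FIREWALL_DEINIT         FwDeInit;
  EFI_NETWORK_SECURITY_FIREWALL_CHECK_PKT      FwChkPkt;
  EFI_NETWORK_SECURITY_FIREWALL_ADD_RULE       FwAddRule;
  EFI_NETWORK_SECURITY_FIREWALL_DELETE_RULE    FwDelRule;
  // XXXXXXX / YYYYYYY are placeholders in the drawing for further services.
  EFI_NETWORK_SECURITY_FIREWALL_XXXXXXX        FwXxxxxx;
  EFI_NETWORK_SECURITY_FIREWALL_YYYYYYY        FwYyyyyy;

  // Reference numeral 422 is printed just above this member.
  EFI_NETWORK_SECURITY_FIREWALL_CONFIG_DATA    ConfigData;
} EFI_NETWORK_SECURITY_FIREWALL;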



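// Configuration record of the firewall as far as the figure shows it: a rule
// identifier plus a source and a destination address.
// Both address members are 32 bits wide, which is the size of an IPv4
// address; no member shown here could hold a 128-bit IPv6 address.
typedef struct _EFI_NETWORK_SECURITY_FIREWALL_CONFIG_DATA {
  UINT32    RuleID;
  UINT32    SourceIPAddress;
  UINT32    DestinationIPAddress;
  // The scan leaves a gap here; further members, if any, are not legible.
} EFI_NETWORK_SECURITY_FIREWALL_CONFIG_DATA;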
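// define function pointers
// NOTE(review): neither declaration carries the `typedef` keyword, so as
// printed each one declares a function-pointer object rather than a type.
// NOTE(review): the names here begin EFI_NETWORK_FIREWALL_, whereas the
// member types used in the protocol structure of the same figure begin
// EFI_NETWORK_SECURITY_FIREWALL_ - confirm which spelling is intended.

// Initialisation entry: takes the configuration record by value.
EFI_STATUS
(EFIAPI *EFI_NETWORK_FIREWALL_INIT) (
  IN EFI_NETWORK_SECURITY_FIREWALL_CONFIG_DATA    InitData
  );

// NOTE(review): the figure prints this second declaration under the same
// name as the one above although it takes no arguments; presumably the
// de-initialisation counterpart is meant - confirm against the patent text.
// As printed, the two declarations conflict.
EFI_STATUS
(EFIAPI *EFI_NETWORK_FIREWALL_INIT) (
  VOID
  );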

400 



FIG. 4 



Title: "Methods and Apparatus to Provide a Platform-Level Network Security System" 

Inventors: Garg et al. 
Attorney Docket No. INTEL/17848 



524 
534 



526 
536 



EFI System Table 



GUID 



Data Pointer 



GUID 



Data Pointer 



GUID 



Data Pointer 



0x00000000 



510 



522 
532 



520 



530 



FwInit



FwDeinit 



FwXxxxxx 



► Implementation 



Implementation 



► Implementation 



Config Data 



0xFFFFFFFF
500 



Config Data 



FIG. 5 



Title: "Methods and Apparatus to Provide a Platform-Level Network Security System"

Inventors: Garg et al. 
Attorney Docket No. INTEL/17848



C START ) 

T 

Receive IRQ from network 
interface 



i 



610 



Notify network interface driver 



I 



620 



Retrieve network packet from 
network interface 



i 



630 



Identify NSF from EFI 



640 




► Deny network packet 



Transmit network packet to 
destination 



C 



I 



660 



END 



> 



600 



FIG. 6 



Title: "Methods and Apparatus to Provide a Platform-Level Network Security System" 

Inventors: Garg et al. 
Attorney Docket No. INTEL/17848 



1040 




z 



1060 



Input Device(s) 



1070 



Output 
Device(s) 




i 


i 

j 1050 


Interface 




► 




v 1080 

r / 


Mass Storage 
Device(s) 





To and/or 

from 
Network 



1000 



FIG. 7 



